These big firms and US agencies all use software from the company breached in a massive hack being blamed on Russia

hacker person keyboard cyber security
  • Many companies and government agencies are clients of SolarWinds, the software company that suffered a massive, months-long hack made public on Sunday.
  • SolarWinds says it has more than 300,000 clients, including US government agencies and the vast majority of Fortune 500 companies.
  • It is unclear how many of them are using the software that was attacked. SolarWinds did not immediately respond to Business Insider's request for comment.
  • Scroll down for a list of the most significant SolarWinds clients.
  • Visit Business Insider's homepage for more stories.

Thousands of international companies and numerous US government agencies, from the Department of Homeland Security to the State Department, are clients of the company whose software was breached in a massive hack.

SolarWinds announced a "highly sophisticated" attack on its Orion software on Sunday. Cybersecurity company FireEye said Sunday it was tracking the attack, saying that it began earlier in 2020 and may have left some systems compromised for months.

The Trump administration admitted that hackers had gained access to a number of key government networks including the Treasury and the Commerce Department, The New York Times reported.

By Monday evening, the State Department, the National Institutes of Health, and the Department of Homeland Security were also confirmed as victims of the hack, according to The Washington Post.

DHS's Cybersecurity and Infrastructure Security Agency, whose director was recently fired by outgoing President Donald Trump for confirming the integrity of the 2020 election, issued an emergency directive calling on "all federal civilian agencies to review their networks for indicators of compromise."

"The compromise of SolarWinds' Orion Network Management Protocols poses unacceptable risks to the security of federal networks," CISA Acting Director Brandon Wales said.

According to FireEye - which was itself hacked - the attackers gained access via the update server of a monitoring and management software made by SolarWinds called Orion IT.

The attack was "likely conducted by an outside nation state," SolarWinds said. People familiar with the matter told Reuters that they believe the hack is Russian in origin.

The Russian Embassy in Washington, DC, denied responsibility.

It is unclear which companies and agencies are using the specific software that was affected, and if so, whether they have been targeted. SolarWinds did not immediately respond to Business Insider's queries. 

FireEye said Sunday that the hack was "widespread, affecting public and private organizations around the world."

Here is a list of the biggest agencies and companies that SolarWinds lists on its site as clients:

US agencies

  • The Office of the President of the United States
  • The Secret Service
  • The Department of Defense
  • The US Army, Marine Corps, Navy, Air Force, and Coast Guard
  • The State Department
  • The Federal Reserve
  • NASA
  • The NSA
  • The CDC
  • The Department of Justice
  • The State Department
  • The National Institutes of Health
  • The Department of Homeland Security

Major companies

  • Microsoft
  • Credit Suisse
  • Ford
  • Visa
  • Mastercard
  • AT&T
  • Procter & Gamble
  • PwC
  • Best Western
  • Lockheed Martin
  • Boston Consulting Group
  • CBS
  • Time Warner
  • Cisco
  • McDonald's
  • Comcast
  • Ernst & Young
  • The Gates Foundation
  • Gillette
  • Blue Cross Blue Shield
  • Harvard
  • Sprint
  • Hertz
  • Volvo
  • Kodak
  • Nestlé
  • The New York Times
  • San Francisco Intl. Airport
  • Yahoo!

(Note: The full list of SolarWinds clients is larger)

Read the original article on Business Insider


No comments

Powered by Blogger.